Re: exiting a chroot environment
by Abigail-II (Bishop) on Jul 07, 2003 at 22:36 UTC
|
How can I exit out of the chroot environment?
You can't. That's the entire point of a chrooted
environment. If you could leave it, there would be no point
of having chroot. BSD didn't call it jail
without a reason!
Abigail
| [reply] [Watch: Dir/Any] |
|
Freaky as it seems, you can on Linux¹ (Red Hat.)
From chroot(2):
Note that this call does not change the current working directory, so that `.' can be outside the tree rooted at `/'. In particular, the super-user can escape from a `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
I've confirmed that I can do it in perl with another chroot() to ./../../ (with enough ..s to get me to the real root from the CWD.) I guess "." isn't just symbolic?
Ick.
Thankfully, that's not portable. Other systems are sane.
1. I figured I'd look at the manpage to see if it said "you can't do that" and much to my surprise...
-sauoq
"My two cents aren't worth a dime.";
| [reply] [Watch: Dir/Any] |
|
I wouldn't be as quick to declare that this is a Linux failing point. There are no guarantees made by any system that chroot() will ensure that exploits are not possible. chroot() is a UNIX hack to redefine /, and this is where its claim ends. If one truly wants a box to contain a user, one should consider using a virtual machine of some sort.
It isn't that 'other systems are sane', but rather, 'other systems implement chroot() as a more elaborate hack.' The cost, of course, is performance, and code complexity. Is Linux wrong for not choosing this path? I don't believe so. I believe it is wrong for people to assume that silver bullets to their security problems exist... :-)
| [reply] [Watch: Dir/Any] |
|
|
|
|
|
|
|
Urg. I didn't realize Linux behaved so oddly. Yet another
reason not to worship Linux (don't get me wrong, I make
my money as a "Linux specialist"). Not only is Linux behaviour
not portable, the entire chroot concept isn't. chroot is not
part of the POSIX standard.
Abigail
| [reply] [Watch: Dir/Any] |
|
Re: exiting a chroot environment
by Anarion (Hermit) on Jul 08, 2003 at 08:48 UTC
|
Breakin a chroot enviroment if you are root is trivial, you can:
- chroot to another directory and then chdir .. because chroot doesn't change your current work dir.
- use a descritor to outside of chroot an call fchdir
- modify sys_call_table
- call mknod and mount
- use ptrace
and sure there are more ...
By now, chroot without kernel patches doesn't mean security at all.
$anarion=\$anarion;
s==q^QBY_^=,$_^=$[x7,print
| [reply] [Watch: Dir/Any] |
Re: exiting a chroot environment
by LazerRed (Pilgrim) on Jul 08, 2003 at 00:21 UTC
|
Maintenance Commands chroot(1M)
NAME
chroot - change root directory for a command
SYNOPSIS
/usr/sbin/chroot newroot command
DESCRIPTION
The chroot utility causes command to be executed relative
to newroot. The meaning of any initial slashes (|) in the
path names is changed to newroot for command and any of
its child processes. Upon execution, the initial working
directory is newroot.
Notice that redirecting the output of command to a file,
chroot newroot command >x
will create the file x relative to the original root of
command, not the new one.
The new root path name is always relative to the current
root. Even if a chroot is currently in effect, the newroot
argument is relative to the current root of the running pro-
cess.
This command can be run only by the super-user.
RETURN VALUES
The exit status of chroot is the return value of command.
EXAMPLES
Example 1: Using the chroot utility.
The chroot utility provides an easy way to extract tar files
(see tar(1)) written with absolute filenames to a different
location:
example# cp /usr/sbin/static/tar /tmp
example# dd if=/dev/nrst0 | chroot /tmp tar xvf -
Note that tar is statically linked, so it is not necessary
to copy any shared libraries to the newroot filesystem.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.8 Last change: 20 Mar 1998 1
Maintenance Commands chroot(1M)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
SEE ALSO
cd(1), tar(1), chroot(2), ttyname(3C), attributes(5)
NOTES
Exercise extreme caution when referencing device files in
the new root file system.
References by routines such as ttyname(3C) to stdin, stdout,
and stderr will find that the device associated with the
file descriptor is unknown after chroot is run.
My thoughts, maybe you just need to run a single command from within your chroot'd environment? I pasted the man because of the example with the tar command, and it's absolute filenames. Heed the warnings at the end though :)
Good Luck | [reply] [Watch: Dir/Any] [d/l] |
Re: exiting a chroot environment
by bobn (Chaplain) on Jul 08, 2003 at 01:32 UTC
|
| [reply] [Watch: Dir/Any] |
Re: exiting a chroot environment
by zentara (Archbishop) on Jul 08, 2003 at 16:43 UTC
|
$anarion stated:
By now, chroot without kernel patches doesn't mean security at all.
If you want a good kernel patch to restrict chroot, check out the grsecurity patch. grsecurity
| [reply] [Watch: Dir/Any] |